Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
[Full-disclosure] RubyGems 0.9.0 and earlier installation exploit
From: Eric Hodel (drbrainsegment7.net)
Date: Sun Jan 21 2007 - 03:09:39 CST
RubyGems is the typical packaging tool for ruby packages.
RubyGems home page:
Ruby home page:
RubyGems does not check installation paths for gems before writing
Since RubyGems packages are typically installed using root
permissions, arbitrary files may be overwritten on-disk. This may
lead to denial of service, privilege escalation or remote compromise.
No known workarounds
a) Upgrade to RubyGems 0.9.1
b) Apply one of the following patches
For RubyGems 0.9.0:
For RubyGems 0.8.11:
MD5 (installer.rb.extract_files.REL_0_8_11.patch) =
MD5 (installer.rb.extract_files.REL_0_9_0.patch) =
Patches may also be downloaded here:
Remote installations via Rubyforge will be disabled in the near
future for versions of RubyGems earlier than 0.9.1, even for patched
versions of RubyGems. Local installations will continue to work,
Thanks to Gavin Sinclair for finding and reporting this problem.
Testing your updated RubyGems:
Installing rspec-0.7.5 will give an InstallError on a patched version
$ gem install rspec --version 0.7.5
ERROR: While executing gem ... (Gem::InstallError)
attempt to install file into "../web_spec/
An updated rspec (0.7.5.1) has already been released.
Eric Hodel - drbrainsegment7.net - http://blog.segment7.net
I LIT YOUR GEM ON FIRE!
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
- application/octet-stream attachment: installer.rb.extract_files.REL_0_9_0.patch
- application/octet-stream attachment: installer.rb.extract_files.REL_0_8_11.patch